File: 255584cb38169bb04fb690ab8eea881a

Metadata
File name: svchost.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 133710 bytes
Analysis date: 2016-08-25 20:34:43
MD5: 255584cb38169bb04fb690ab8eea881a
SHA1: 340e0af98288c33a2eaa94ef563ac2c2f1578a5e
SHA256: 3f3b4ef79401d536eb43236583c71c48f79a7e1ec56f670a9bfa568d555416dd
SHA512: 1fdf235d1d23d3d7e19c8728afa85e7fd176a20db9776411352be9b944773bfde91d54f423a6688fa26bb68b3bb461a6877e1e8d3d039f8031cb81c565d6e6f6
SSDEEP: 3072:VVqoCl/YgjxEufVU0TbTyDDalbiRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRe:VsLqdufVUNDaD
IMPHASH: 8c16c795b57934183422be5f6df7d891
Authentihash: N/A
Related resources
APTNotes
Cyber threat intelligence reports associated with 255584cb38169bb04fb690ab8eea881a.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004_Classes
HKEY_LOCAL_MACHINE\Software\Classes
\REGISTRY\USER
HKEY_LOCAL_MACHINE\Software\Classes\CLSID
CLSID\{ED6CA17F-B4CC-4BF9-B426-0BDE01CB7E81}
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Explorer\Process
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\HTML Help
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\TreatAs
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServer32
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocServerX86
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\LocalServer32
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocHandler32
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\InprocHandlerX86
\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
HKEY_CLASSES_ROOT\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\TreatAs
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
HKEY_CLASSES_ROOT\AppID\svchost.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
ActiveComputerName
HKEY_CLASSES_ROOT\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}
HKEY_CLASSES_ROOT\Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32
CLSID\{00020424-0000-0000-C000-000000000046}
CLSID\{00020424-0000-0000-C000-000000000046}\TreatAs
\CLSID\{00020424-0000-0000-C000-000000000046}
\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32
\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServerX86
\CLSID\{00020424-0000-0000-C000-000000000046}\LocalServer32
\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandler32
\CLSID\{00020424-0000-0000-C000-000000000046}\InprocHandlerX86
\CLSID\{00020424-0000-0000-C000-000000000046}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\CLSID\{00020424-0000-0000-C000-000000000046}\TreatAs
Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\ProxyStubClsid32
Interface\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\Forward
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0
HKEY_CLASSES_ROOT\TypeLib\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\win32
HKEY_CLASSES_ROOT\TypeLib
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0
HKEY_CLASSES_ROOT\TypeLib\{00020430-0000-0000-C000-000000000046}\2.0\0\win32
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc
HKEY_CLASSES_ROOT\Interface\{00020400-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
CLSID\{00020420-0000-0000-C000-000000000046}
CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
\CLSID\{00020420-0000-0000-C000-000000000046}
\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32
\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServerX86
\CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer32
\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandler32
\CLSID\{00020420-0000-0000-C000-000000000046}\InprocHandlerX86
\CLSID\{00020420-0000-0000-C000-000000000046}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\CLSID\{00020420-0000-0000-C000-000000000046}\TreatAs
HKEY_CLASSES_ROOT\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}
HKEY_CLASSES_ROOT\Interface\{B196B284-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServerX86
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\LocalServer32
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandlerX86
\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\LocalServer
HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_CLASSES_ROOT\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
HKEY_CLASSES_ROOT\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}
HKEY_CLASSES_ROOT\Interface\{B196B286-BAB4-101A-B69C-00AA00341D07}\ProxyStubClsid32
HKEY_CLASSES_ROOT\Interface\{FE4106E0-399A-11D0-A48C-00A0C90A8F39}
HKEY_CLASSES_ROOT\Interface\{FE4106E0-399A-11D0-A48C-00A0C90A8F39}\ProxyStubClsid32
Interface\{FE4106E0-399A-11D0-A48C-00A0C90A8F39}\ProxyStubClsid32
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax
Control Panel\International\Calendars\TwoDigitYearMax
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Schedule\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\msapsspc.dll
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles
\ProxyStubClsid32
Comments
User comments about 255584cb38169bb04fb690ab8eea881a.